[OpenID] Sidestepping lack of RP's

[SitG Admin]

(It occurred to me, as I was finishing this message, that this could 
be an opportunity for Attribute Exchange to step forward and be 
useful. I don't recall, unfortunately, and can't seem to locate, 
exactly where it was said that AX has become this extension with huge 
potential but we don't seem to be *doing* anything with it, to take 
advantage, so if you know where this was, please say something. 
Thanks.)

Another major site has begun "using" OpenID, but not as a Relying Party.

It's like a DRM scheme where the big players hold all the keys (but 
us "beneficiaries" aren't trusted/allowed to know our own), we have 
the illusion of being able to communicate with one another but, in 
practice, these interactions take place solely at the discretion of 
those big players, grouped by company and alliance.

Let's say that I see someone on MySpace that I want to "socialize" 
(the purported purpose of a "social" network, is it not?) with; 
unless they log onto my site directly, there is no way I have of 
communicating to them so much as the desire to talk, other than 
making a MySpace account.

I know that MySpace (and others) may be thinking that, if non-users 
(such as myself) and their users were able to set up channels of 
communication outside of MySpace, I would never *need* MySpace, and 
they wouldn't get any more users. But while the first part of this is 
true, I assert that if I can't get to know one of MySpace's users 
well enough to be certain that I *do* want to take advantage of 
MySpace's technology to be more connected to them in that way, 
MySpace is actually *losing* a new user, potentially.

The big players (MySpace, et all) should *advertise* their userbase, 
which is what they *are* doing (as Providers), but leaving it at that 
- while, perhaps, a decision based on risk as much as benefit - loses 
out on a lot of what OpenID's boundary-dissolving has to offer. How 
many sales do you make if you saturate the television stations and 
then, when you get a flood of callers, respond lackadaisically and 
show no real commitment to getting the caller to buy anything? This 
comparison does not quite fit since the respective major sites have 
*plenty* of features and all listed on their sites, it is just the 
follow-up to *advertising* which is practically nonexistent; at 
least, in the analogy, there is someone to answer the phones *at 
all*! Imagine what would happen if callers received no answer or 
worse yet found that the number had been disconnected, with the 
company uninterested if noone felt like coming out to their property 
in person to inquire about a purchase?!

But this message isn't about getting the big players to adopt OpenID 
as Relying Parties (though that would be nice), nor merely to focus 
on getting "communication between native users and OpenID users" 
raised into the spotlight; I thought of a way to mitigate this lack 
of communication, though admittedly at some risk of letting major 
sites say "Well then *we* don't need to do anything about it!":

You want to get in touch with, let's say, a MySpace user (they do 
seem to feature rather prominently in my examples; it seems fair, 
since they're the latest instance in a succession of "Let's 'support' 
OpenID by doing OP but not RP!"), but you don't know which sites they 
log into, so you log into a supporting RP's site and say "Please let 
*this* person know that *my* URI is trying to get in touch with 
them!". The next time they log in to that same RP (and there'll be a 
better chance of this if several major sites offer such a service to 
their OpenID users), the RP notifies them!

The same RP could even offer messaging capabilities, allowing you to 
get in touch with that MySpace user *outside* of MySpace *or* your 
own Identity site. For some fraction of use cases this would mean the 
RP was offering the feature for communications involving its *own* 
users, thus compromising the "outside of uncooperative RP's" promise 
this idea holds, but so what if it did? Just don't offer the service 
for your own users!

You may rest assured that other sites *will*.

This assumes, of course, that other sites are offering the service 
*at all*; but, let's go with that for a moment.

As a purely hypothetical use-case, I have a MySpace account and want 
to get in touch with someone who has a Yahoo account (Yahoo isn't a 
RP yet, are they? If they are, let's pretend they're not, or you can 
substitute the name of some other RP for "Yahoo" as you read on), so 
I can log on to AOL and leave a message for that Yahoo person - but I 
can't use the Yahoo service or the MySpace service for it, because 
Yahoo doesn't want to risk losing *their* user and MySpace doesn't 
want to risk losing *me*. I can only use the services at *other* 
sites, such as AOL.

And, of course, when AOL delivers such a notification, it'll also try 
to persuade the user with the Yahoo account to use *AOL's* internal 
messaging service to communicate further with you. Heck, there's even 
a home-field advantage - AOL has AIM, an "external" messaging 
service! Or maybe you're logging into some other site that has a deal 
with AOL whereby it recommends AIM (thereby outsourcing the 
responsibility of implementing a messaging service) and receives 
something else in return. But using an external messaging service 
would require *both* of the users to accept it, and sign up and 
everything, so I'm unhappy with the idea and I suggest that sites 
which utilize "internal" communication channels (requiring nothing 
more from OpenID users than their OpenID itself) will see a much 
better response to their service from users if they keep with the 
spirit of OpenID.

The *point*, though, of AOL trying to persuade the users of 3rd-party 
sites to use its own internal messaging service, is to get users 
interested in using *AOL*; to acquire additional users for its own 
site(s). And if AOL is the *only* site to offer such a service, I 
would expect it to leverage that for all it's worth; to exploit 
Attribute Exchange and say "Hmm. This user from WordPress has similar 
interests to that user from LiveJournal, let's bring that to their 
attention.", then saying "Hey folks, LJ won't play with WP and 
vice-versa, but if you come play over *here* we can connect you 
*both*."

This is, again, all purely hypothetical. For all I know LJ and WP 
already *do* play with one another. Anyway:

If enough sites begin providing such a service, it may become 
pressure on others to do the same. If you're losing clients to 
several other competitors and not employing the same technologies to 
return that favor, you may find yourself beginning to ask "Wait, why 
not?". In the long run, that exclusion clause for either user being 
of *your* site may disappear, because - with such a saturation in the 
rest of the web of means by which they can get in touch with one 
another, and interact, *outside* your site - all it's accomplishing 
is losing you clients, users who would otherwise migrate to other 
sites that are able (and willing) to provide services *you* won't.

I'm hoping that the exclusion clause (where you don't have to offer 
notification/messaging between users if either one of them "belongs" 
to you) will eliminate enough of the objections to providing such a 
service that there can *be* a "long run" for it.

-Shade